| Resource | Description |
|---|---|
| An opinionated guide to scaling your company's security | Clint's talk summarising approaches from multiple companies |
| Uber: The Path to Code Provenance | Strategy for ensuring a verifiable attestation of the origin of all code running in production |
| Beyond The Security Team | |
| Implement Security Champions Programme | Main steps for establishing a Security Champions programme quickly, regardless of company size and the maturity of existing security processes |
| How we run our bug bounty program at Segment | |
| A Guide to Threat Modelling for Developers | Clear and simple steps for teams that want to adopt threat modelling |
| Awesome Threat Modeling | |
| Appsec Development: Keeping it all together at scale | - Project risk assessment: help teams manage risk to their timeline and help security schedule penetration tests<br>- Security impact assessment: let teams quickly exit the review process without the need for peer review<br>- Risk assessment: identify potentially risky items with peer review<br>- Threat model: analyze risky designs and create mitigations |
| Creating Security Decision Trees With Graphviz | |
| Democratizing Security: Application Security Scanning | How to build an application and cloud security automation program |
| Building a SAST program at Razorpay's scale | No single tool or technique can identify all security defects in an application; part of building a mature security program is using several techniques to find them |
| Best practices on rolling out code scanning at enterprise scale | Best practices for rolling out centrally managed, developer-centric application security with a third-party CI/CD system such as Jenkins or Azure DevOps (ADO) |
| How DoorDash Ensures Velocity and Reliability through Policy Automation | How DoorDash uses OPA to build policy-based guardrails with codified rules that keep automated cloud infrastructure deployments fast and reliable |
| The Art of Vulnerability Management | How to create a positive vulnerability management culture and process that works for engineers and the security team |
| Vulnerability Scanning at Palantir | How Palantir streamlines and automates vulnerability remediation |
| Security Drone: Scaling Continuous Security at Revolut | How Revolut uses a custom system to scale and improve its continuous security scanning |
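The DoorDash entry above describes OPA guardrails for infrastructure deployments without showing what such a rule looks like, so here is an added example; it is not DoorDash's code and not part of the original list. It is a policy in Rego (OPA's policy language) that gates a Terraform plan before `apply`. It assumes the input is the JSON that `terraform show -json tfplan` produces; the package name, the rule names and the three guardrails themselves are illustrative choices, and the mini-plans in the `test_` rules are constructed, not real Terraform output.

```rego
# Added illustrative guardrail policy in Rego (OPA's policy language); it is
# not DoorDash's policy and not code from the original page.
# Assumed input: the JSON that `terraform show -json tfplan` produces, i.e.
# input.resource_changes[_] with .address, .type, .change.actions and
# .change.after. Package and rule names are illustrative.
package terraform.guardrails

import rego.v1

# Only creates and updates are inspected; a delete has no `after` state.
mutating_actions := {"create", "update"}

inspected contains rc if {
	some rc in input.resource_changes
	some action in rc.change.actions
	action in mutating_actions
}

# Guardrail 1: no security group may expose SSH or RDP to the whole internet.
deny contains msg if {
	some rc in inspected
	rc.type == "aws_security_group"
	some rule in rc.change.after.ingress
	some cidr in rule.cidr_blocks
	cidr == "0.0.0.0/0"
	covers_admin_port(rule.from_port, rule.to_port)
	msg := sprintf("%s: ingress %v-%v from 0.0.0.0/0 is not allowed", [rc.address, rule.from_port, rule.to_port])
}

covers_admin_port(from, to) if {
	from <= 22
	to >= 22
}

covers_admin_port(from, to) if {
	from <= 3389
	to >= 3389
}

# Guardrail 2: no bucket or bucket ACL resource may request a public canned ACL.
public_acls := {"public-read", "public-read-write", "authenticated-read"}

deny contains msg if {
	some rc in inspected
	rc.type in {"aws_s3_bucket", "aws_s3_bucket_acl"}
	rc.change.after.acl in public_acls
	msg := sprintf("%s: public ACL %q is not allowed", [rc.address, rc.change.after.acl])
}

# Guardrail 3: a public access block must switch on all four protections.
# `not after[setting]` also fires when the attribute is absent or null.
required_pab := {"block_public_acls", "block_public_policy", "ignore_public_acls", "restrict_public_buckets"}

deny contains msg if {
	some rc in inspected
	rc.type == "aws_s3_bucket_public_access_block"
	some setting in required_pab
	not rc.change.after[setting]
	msg := sprintf("%s: %s must be true", [rc.address, setting])
}

# The single value CI gates on: defined (true) only when nothing was denied.
allow if count(deny) == 0

# Constructed mini-plans for `opa test`; they are not real Terraform output.
test_world_open_ssh_is_denied if {
	plan := {"resource_changes": [{
		"address": "aws_security_group.bastion",
		"type": "aws_security_group",
		"change": {"actions": ["create"], "after": {"ingress": [
			{"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}
		]}}
	}]}
	count(deny) == 1 with input as plan
	not allow with input as plan
}

test_locked_down_plan_is_allowed if {
	plan := {"resource_changes": [{
		"address": "aws_s3_bucket_public_access_block.logs",
		"type": "aws_s3_bucket_public_access_block",
		"change": {"actions": ["create"], "after": {
			"block_public_acls": true, "block_public_policy": true,
			"ignore_public_acls": true, "restrict_public_buckets": true
		}}
	}]}
	count(deny) == 0 with input as plan
	allow with input as plan
}
```

Run `opa test guardrails.rego` for the embedded tests, and gate a pipeline step with `opa eval --fail -d guardrails.rego -i tfplan.json 'data.terraform.guardrails.allow'`, which exits non-zero when `allow` is undefined, that is, whenever any `deny` rule fired. One caveat a practitioner will hit immediately: attributes Terraform only knows after apply (bucket IDs, references to other new resources) appear in `after_unknown`, not `after`, so a rule that keys on them will silently never match unless it looks there as well.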